This scenario is suitable if you have Identity Manager servers installed in two separate eDirectory trees, where one tree belongs to the AWS cloud and the other tree belongs to the enterprise network. This configuration uses the eDirectory driver to synchronize identities between the AWS cloud and the enterprise network over a VPN connection. The Identity Manager server running in the enterprise network and the one running in the AWS cloud each synchronize identities to their own connected applications.
Figure 12-4 Hybrid Scenario Using eDirectory Driver Connection
The communication between the AWS cloud and the enterprise network is limited: only delta changes are synchronized across the VPN. You control which attributes are synchronized by configuring the driver filter. You can also use the policy engine to define additional controls for attribute synchronization. For example, you can prevent the password attribute from synchronizing, so that users keep different passwords for the Identity Manager servers in the AWS cloud and in the enterprise network, and a compromise of one tree's password store does not expose the other.
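The following is an added illustration of the two controls described above, not a fragment taken from this guide or from a shipped driver configuration. It shows a driver filter that restricts the eDirectory driver to a small allow-list of User attributes on both channels, and a DirXML-Script policy that strips the password from add events and vetoes modify-password operations so that no password ever crosses the VPN. The attribute names, the rule description, and the exact XML layout are assumptions based on the general filter and DirXML-Script conventions; verify them against the filter and policies of your own driver in Designer before use.

```xml
<!-- Added example: driver filter for the eDirectory driver (assumed layout).
     Only the listed attributes are synchronized; any attribute not present
     in the filter is ignored on both the Publisher and Subscriber channels.
     The password attribute is deliberately absent. -->
<filter>
  <class-name class-name="User" publisher="sync" subscriber="sync">
    <attr-name attr-name="CN" publisher="sync" subscriber="sync"/>
    <attr-name attr-name="Given Name" publisher="sync" subscriber="sync"/>
    <attr-name attr-name="Surname" publisher="sync" subscriber="sync"/>
    <attr-name attr-name="Internet EMail Address" publisher="sync" subscriber="sync"/>
    <attr-name attr-name="Login Disabled" publisher="sync" subscriber="sync"/>
  </class-name>
</filter>

<!-- Added example: DirXML-Script policy (assumed rule text) that provides a
     second, independent control in case the filter is later widened.
     Place it in the Event Transformation policy set of both channels. -->
<policy>
  <rule>
    <description>Strip password from add events crossing the VPN</description>
    <conditions>
      <and>
        <if-operation op="equal">add</if-operation>
        <if-class-name op="equal">User</if-class-name>
      </and>
    </conditions>
    <actions>
      <!-- removes the <password> element carried inside the add event -->
      <do-strip-xpath expression="password"/>
    </actions>
  </rule>
  <rule>
    <description>Veto password changes so each tree keeps its own password</description>
    <conditions>
      <and>
        <if-operation op="equal">modify-password</if-operation>
      </and>
    </conditions>
    <actions>
      <do-veto/>
    </actions>
  </rule>
</policy>
```

Keeping both controls is deliberate: the filter defines what is allowed to synchronize, and the policy enforces the password exclusion even if someone later adds the password attribute to the filter. After deploying, confirm in the driver trace that add events arriving from the other tree contain no password element and that modify-password events are vetoed rather than applied.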